CVE-2025-66423 HIGH

CVE-2025-66423

Vendor Tryton

Product trytond

Weakness CWE-863 · Incorrect authorization

Published November 30, 2025

Last update December 1, 2025

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

Key dates

02Disclosure timeline

November 30, 2025 CVE published

December 1, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-66423 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

Identifiers

CVE CVE-2025-66423

CWE CWE-863

CVSS 7.1 / HIGH

Affected versions

Vendor Tryton

Product trytond

Affected ≥ 6.0.0 and < 6.0.70

Vendor Tryton

Product trytond

Affected ≥ 7.0.0 and < 7.0.40

Vendor Tryton

Product trytond

Affected ≥ 7.1.0 and < 7.4.21

Vendor Tryton

Product trytond

Affected ≥ 7.5.0 and < 7.6.11

CVE-2025-66423

01Description

02Disclosure timeline

03References

04Related CVE